
chromium-browser: multiple vulnerabilities

Package(s): chromium-browser
CVE #(s): CVE-2014-1743 CVE-2014-1744 CVE-2014-1745 CVE-2014-1746 CVE-2014-1747 CVE-2014-1748 CVE-2014-1749 CVE-2014-3152
Created: June 2, 2014
Updated: March 30, 2016
Description: From the CVE entries:

Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation. (CVE-2014-1743)

Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation. (CVE-2014-1744)

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp. (CVE-2014-1745)

The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer. (CVE-2014-1746)

Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)." (CVE-2014-1747)

The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame. (CVE-2014-1748)

Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2014-1749)

Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value. (CVE-2014-3152)

Alerts:
Gentoo 201612-41 webkit-gtk 2016-12-13
openSUSE openSUSE-SU-2016:0915-1 webkitgtk 2016-03-30
Fedora FEDORA-2016-9ec1850fff webkitgtk 2016-03-29
Mageia MGASA-2016-0120 webkit 2016-03-25
Fedora FEDORA-2016-5d6d75dbea webkitgtk 2016-03-22
Ubuntu USN-2937-1 webkitgtk 2016-03-21
Fedora FEDORA-2016-1a7f7ffb58 webkitgtk3 2016-03-21
Fedora FEDORA-2015-6845 v8 2015-05-08
Fedora FEDORA-2015-6908 v8 2015-05-08
Mageia MGASA-2014-0413 chromium-browser-stable 2014-10-09
Gentoo 201408-16 chromium 2014-08-30
Ubuntu USN-2298-1 oxide-qt 2014-07-23
Debian DSA-2939-1 chromium-browser 2014-05-31
openSUSE openSUSE-SU-2014:0783-1 chromium 2014-06-12
